
AVG force threat removal causes "black screen of death" Windows startup (need to set up Live CD)


  • This topic is locked
62 replies to this topic

#1 WTTT3

WTTT3

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 28 January 2010 - 12:24 PM

Hi, my problem stemmed from an infection of the Internet Security 2010 Worm.Win32.Netsky. AVG and the Resident Shield popped up a bunch of infections and I let it (mistakenly) go through with a "force threat removal" on a couple things until it restarted my computer (to the black screen of death). I remember seeing something like "helper.dll" on AVG so that may be one of the files.

I'm now just getting a blank black screen with a mouse pointer. In safe mode, I get the same thing with "Safe Mode" at all four corners. Windows will give me the option to update my product key before all of this. I've noticed hitting "Activate Later" immediately sends me to the black screen. If I click "Activate Now" it opens up Google Chrome and attempts to access the Microsoft website, although the Google Chrome page stays blank and I get a message that Chrome is not responding and am asked if I want to "kill" it or "wait" for it. I can also get some windows by asking for assistance with my product key at the startup "Activate Now/Activate Later" box. I get the Windows Help and Support type windows that allow me to click through the hierarchy of links through all of its Help and Support information.

I've attempted "Last Known Good Configuration" to no avail. Someone on this site told me on the live chat that I may need to set up a Live CD. I'm hoping that I can run System Restore through using a CD. I'd go back to any point before this.

As I type this post now on a different comp, I've noticed my infected computer still can keep the Google Chrome browser up, but when I attempt to go to a webpage it says "This webpage is not available", so it is not automatically closing Chrome. But I have no other options. Control-Alt-Del only gives me "Lock this computer, switch user, log off, change a password" (no "Task Manager" because of the original Internet Security 2010 Worm). But other than Chrome loading up when I attempt to update my product key, I get nothing on the screen but a mouse cursor.

That's all the details I can think of including other than I'm running Vista. Thank you in advance to whoever is willing to help.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:34 PM

Posted 12 February 2010 - 07:20 AM

Hello, I am sorry for the big delay.

First of all, can you please let me know if you attempted a repair installation or something like that?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 WTTT3


Posted 12 February 2010 - 03:17 PM

Elise,

Thanks for the reply. The only thing I've done since is recently set up a Live CD with PE Builder. But then I thought I would give this site another try and see if someone could help me with knowing what plugins to set up to run on the Live CD and possibly to help me make another one, based on what originally went wrong with my computer.

I tried the Live CD out last night and it works and I'm able to see my files and run their OS and what not. Also, if you might know: I was going to try to back up my newer files while they were showing up with the Live CD, but I couldn't get it to read any USBs, so I couldn't do any transferring to my external hard drive last night. I didn't know what my other options might be for backing up files using a Live CD, or how I get it to read a USB connection (or if it even could). I think there might be an option to connect to a shared network where I could maybe transfer (back up) my newer files over that way, but I don't know. I'd like to do something like that before I try a repair installation. So that's where I'm at this afternoon. Thanks a lot. Looking forward to a response.

Wayne



#4 Elise


Posted 12 February 2010 - 03:22 PM

Hello,
Depending on the Live CD you made, you should normally have USB support.

However, the easiest way I know of to boot from a live CD and use System Restore is OTL-PE. This is a 270 MB download (with working USB support) that gives you a fully functional OS (you can use My Computer and so on) but also allows us to do an OTL scan and use System Restore.

Let me know if you are all right with that and if so, I will move our topic to the appropriate forum for this and post additional instructions.

regards, Elise




#5 WTTT3


Posted 12 February 2010 - 04:34 PM

OK, I did some searching for an OTL-PE download and came across this link (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/456697-startup-worm-win32-netsky.html). This person had the exact same virus as me, only they are XP and I'm Vista. And a prematurely run AVG Force Threat Removal got me to a non-functioning Windows screen. (If that helps any)

Anyways I apologize if it was pointless for me to post that link. But I have the OTL-PE CD burned and ready to go. Should I wait for you to post additional instructions before I even put it in my computer and boot it? Or is it going to be self-explanatory and simple for me to at least get started on backing up some files to an External HD? Thanks again. Greatly appreciated.

#6 Elise


Posted 12 February 2010 - 04:42 PM

For good measure I'll post the complete instructions for the OTLPE download as well. If you have the CD ready no need to do it again.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise




#7 WTTT3


Posted 12 February 2010 - 05:30 PM

I actually went back in and used your OTL-PE link just to be safe and burned a new CD.

So I have the CD going and I double-clicked on the OTLPE icon and I didn't get any of those questions. I get a window saying "Browse for Folder" with all my computer letter drives and a "Shared Folder" ... So whether I hit OK or Cancel, another box comes up (titled "RunScanner ...") saying "No windows installations found" and all I can do is hit OK. Also, if this helps: when I double-click the OTLPE icon, very quickly a box about half the size of the screen pops up for a millisecond; it looks like a DOS (?) type screen where you just have a cursor and you type in commands.

So I guess my only option after clicking the OTLPE icon would be to select the right folder/file and hitting OK, but I don't know what folder/file that would be.

Thanks

Edited by WTTT3, 12 February 2010 - 07:28 PM.


#8 WTTT3


Posted 12 February 2010 - 05:52 PM

Also do you know why the My Computer will not read my External Hard Drives? I've tried two different 1 TB ones. It easily read a 4GB flash drive no problem, and allowed me to easily transfer some files to that.

The system is reading the external HD's because they show up at the bottom at "Safely Remove Hardware" but then there is nothing on My Computer for me to be able to transfer files. Any idea why that is? Thanks

EDIT: Also I just tried an 80GB external HD thinking the 1TB ones might be too powerful for the disc or something (I have no idea), and that doesn't get read by My Computer either, but comes up on the "Safely Remove Hardware" at the bottom, like the others.

Edited by WTTT3, 12 February 2010 - 06:00 PM.


#9 Elise


Posted 13 February 2010 - 02:15 AM

QUOTE
So I guess my only option after clicking the OTLPE icon would be to select the right folder/file and hitting OK, but I don't know what folder/file that would be.
When asked to select the folder, select your Windows folder. This should get OTL to work.

regards, Elise




#10 WTTT3


Posted 15 February 2010 - 12:03 AM

Clicked my (C:) Windows drive and hit ok and got a "RunScanner Error" box- "Target is not windows 2000 or later" ... so I guess that doesn't make sense to me.

#11 Elise


Posted 15 February 2010 - 10:42 AM

Hello, please do the following:

When "Browse for Folder" comes up, expand the C: drive, scroll down until you see the Windows folder, select that, and then hit OK.

Let me know if it works now.

regards, Elise




#12 WTTT3


Posted 15 February 2010 - 12:10 PM

Sounds good. It appears to be working. Just so you know, when I initially clicked the Windows folder, a "Windows - Registry Recovery" box came up saying "One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful." I hope that's a good thing :)

I got all the way to the step before the scan. Your instructions say "Change Drivers to Non-Microsoft", but my screen doesn't seem to specifically have that. Under "Drivers" I have 3 options: None, Use Safelist (which is selected), and All. Under "File Scans" there is also a box that may be relevant that says "Skip Microsoft Files" that is unchecked. So I figure I better wait for a response before I cross this final step. Thanks



#13 Elise


Posted 15 February 2010 - 12:37 PM

That sounds good indeed :)

Please check under Drivers "use safelist". Leave all other settings as they are.

regards, Elise




#14 WTTT3


Posted 15 February 2010 - 01:28 PM

OK thanks. "Scan complete!" it says at bottom. Still has the same box open and everything. Nothing has changed but it says scan complete.

#15 Elise


Posted 15 February 2010 - 01:34 PM

QUOTE
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.
:)

regards, Elise






